
Classic99 flagged by antivirus?



All of a sudden, in the middle of the morning today, my Classic99 executable was deleted by Windows Defender.  I try to replace it and it gets deleted again.  When I try to re-download different versions from the official site, McAfee steps in and blocks the download.  I had used Classic99 daily, so this turn of events is perplexing.

 

Has this happened to anyone else?

  • Sad 3

Most anti-virus programs have an "out" to allow you to download/run a program. I think the Defender "out" is the "More information" tab. The biggest problem is, when you download a new version, the anti-virus rejects it for a "reputation" issue (i.e., insufficient downloads to classify it as safe). The problem that I sometimes encounter is a rejection from CHROME. When that happens, I switch to EDGE and download the program.

  • Like 3

Something else to be aware of, not restricted to Classic99, is a new feature introduced in some Windows update which protects certain file locations from unauthorized access.  I got caught by this when trying to record a video to my Videos folder using OBS.  Not quite sure what Microsoft is thinking on this one, unless it thinks this is a reasonable approach to stopping crypto/ransomware.

  • Like 5

I haven't reposted Classic99 for a while, but you are always welcome to ask VirusTotal to scan the download - though I try to be diligent I am no more immune to viruses than anyone else is.

 

  • Like 1

4 hours ago, Tursi said:

I haven't reposted Classic99 for a while, but you are always welcome to ask VirusTotal to scan the download - though I try to be diligent I am no more immune to viruses than anyone else is.

VT has a web API you can use to submit files.  Would it be possible (I mean, of course it is possible, given the time needed,) to have your script which updates the website also submit to VirusTotal?


6 hours ago, OLD CS1 said:

VT has a web API you can use to submit files.  Would it be possible (I mean, of course it is possible, given the time needed,) to have your script which updates the website also submit to VirusTotal?

You're asking me to write MORE code? ;)

 

It's possible, though I find it doesn't scan inside the zips to the detail I like anymore (I think it does a casual scan, but I get better results if I push the exe directly). I do scan my local copies and the web file there every time someone posts one of these, or if I ever see anything suspicious locally, but the script would need to know to unzip the file and push all the EXEs and check the results. Certainly doable, but... not high on my list of "want to"s ;)

 

If someone ELSE wants to, though, the parser is written in C++, or I can call a shell script from it. ;)

 

  • Haha 2
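
The workflow described in the post above (open the release zip, check every EXE and DLL individually rather than the archive, read the results), as an added example that is not Tursi's script or code from this thread. It hashes each binary and queries the VirusTotal API v3 file-report endpoint by SHA-256; the archive contents, `dlls/helper.dll` and all function names are constructed for illustration.

```python
import hashlib, io, json, urllib.error, urllib.request, zipfile

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/"  # API v3 file report, keyed by hash
PE_SUFFIXES = (".exe", ".dll")

def pe_hashes(zip_bytes):
    """Return {member name: SHA-256} for every EXE/DLL in the zip, subfolders included."""
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(PE_SUFFIXES):
                continue
            hashes[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return hashes

def vt_lookup(sha256, api_key):
    """Return last_analysis_stats for a hash, or None if VirusTotal has no report."""
    req = urllib.request.Request(VT_FILE_URL + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["data"]["attributes"]["last_analysis_stats"]
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def triage(hashes, lookup):
    """Map each member to 'flagged', 'clean' or 'unknown' (no report for that hash)."""
    verdicts = {}
    for name, digest in hashes.items():
        stats = lookup(digest)
        if stats is None:
            verdicts[name] = "unknown"
        else:
            hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
            verdicts[name] = "flagged" if hits else "clean"
    return verdicts

def build_sample_zip():
    """Constructed stand-in for a release zip; placeholder bytes, not real binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classic99.exe", b"MZ constructed exe")
        zf.writestr("dlls/helper.dll", b"MZ constructed dll")
        zf.writestr("readme.txt", b"not a binary, skipped")
    return buf.getvalue()

if __name__ == "__main__":  # offline demo: the stub lookup reports every hash as unseen
    print(triage(pe_hashes(build_sample_zip()), lambda h: None))
```

For a live check, pass `lambda h: vt_lookup(h, api_key)` as `lookup`. Members that come back `unknown` have no existing report and would need to be uploaded, which this example does not do.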

17 hours ago, Tursi said:

If someone ELSE wants to, though, the parser is written in C++, or I can call a shell script from it. ;)

Is it just the CLASSIC99.EXE which changes, or do the DLLs change often enough to be concerned about them?


On 6/24/2024 at 8:41 AM, OLD CS1 said:

Is it just the CLASSIC99.EXE which changes, or do the DLLs change often enough to be concerned about them?

Pretty rarely, but since they are included with every zip, if I get infected they may be.

  • Sad 1

21 hours ago, theincrediblepeep said:

It was easy enough to add an exception.  I just thought it was weird that, all of a sudden one day, both my McAfee and Windows Defender went haywire over this executable that's been installed for years. 

Did they report a specific virus or just an AI detection? It's getting lots of those for manually loading and linking DLLs, writing to its program folder, checking window status, looking for other windows (like BUG99, IIRC), containing socket code (for debugger and TIPI)... off the top of my head. ;)

 

  • Like 1
